DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Validation of header in authreq should be done only in the key (#5053)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2020-02-11 10:30:14 -03:00 committed by GitHub
parent fc41dc732a
commit 77586dd83b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
internal/ingress/annotations/authreq/main.go
View file

@ -218,8 +218,8 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
return nil, ing_errors.NewLocationDenied(fmt.Sprintf("unable to find configMap %q", proxySetHeaderMap))
}
for header, value := range proxySetHeadersMapContents.Data {
if !ValidHeader(header) || !ValidHeader(value) {
for header := range proxySetHeadersMapContents.Data {
if !ValidHeader(header) {
return nil, ing_errors.NewLocationDenied("invalid proxy-set-headers in configmap")
}
}

4
internal/ingress/annotations/authreq/main_test.go
View file

@ -276,8 +276,8 @@ func TestProxySetHeaders(t *testing.T) {
}{
{"single header", "http://goog.url", map[string]string{"header": "h1"}, false},
{"no header map", "http://goog.url", nil, true},
{"header with spaces", "http://goog.url", map[string]string{"header": "bad value"}, true},
{"header with other bad symbols", "http://goog.url", map[string]string{"header": "bad+value"}, true},
{"header with spaces", "http://goog.url", map[string]string{"header": "bad value"}, false},
{"header with other bad symbols", "http://goog.url", map[string]string{"header": "bad+value"}, false},
}
for _, test := range tests {